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Acompáñame a ver esta triste historia 
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The DAO 


Decentralized autonomous organization 


5 Crowdsale con más de $150 M 
y 11 000 inversionistas. 

5 Lanzada el 30 abril, 2016. 

> Jaqueada el 20 de julio, 2016. 


> 43 de los fondos robados. 


https://en.wikipedia.org/wiki/The_DAO (organization) 


The DAO 


Proponer un split - newProposal 


TxHash: 0x5798fbc45e3b63832abc4984b0f3574a13545f415dd672cd8540cd71f735db56 
Block Height: 1664614 (5497618 Block Confirmations) 
TimeStamp: 969 days 33 mins ago (Jun-08-2016 05:38:01 AM +UTC) 
From: 0xb656b2a9c3b24164373811e07466ca712f5a5b5a 
To: Contract 0xbb9bc244d798123fde783fcc1c72d3bb8c189413 (TheDAO) 9 
Value: 0 Ether ($0.00) 
Gas Limit: 312393 
Gas Used By Transaction: 212393 (67.9996) 
Gas Price: 0.00000002 Ether (20 Gwei) 
Actual Tx Cost/Fee: 0.00424786 Ether ($0.45) 
Nonce & {Position}: 01 {7} 
Input Data: 
s Name Type Data 


https://etherscan.io/tx/0x57 98fbc45e3b63832abc4984b0f3574a13545f4 1 5dd672cd8540cd7 1f735db56 


Ataque de reentrancia 


El programa es interrumpido y vuelve a llamarse. 


function splitDAO( 
vam [proposal TD); 


OCE) _ MENCUTATOE 


) mouse onlylokenholcers retiens (000l  suecess) 1 


uint fundsToBeMoved = 


(balances[msg.sender] * p.splitData[0].splitBalance) / 


ores ists» cite MONTIS rts n Sup y 


if (p.splitData[0].newDAO.createTokenProxy.value(fundsToBeMoved) (msg.sender) -- false) 


throw; 


withdrawRewardFor (msg.sender); 


totalSupply -= balances[msg.sender]; 
balances[msg.sender] = 0; 
paidOut[msg.sender] = 0; 


return true; 


Ataque de reentrancia 


El programa es interrumpido y vuelve a llamarse. 


function yraliclacheswiNeweieclore (address accoume) more interna icicles (lool success) | 


if ((balanceOf( account) * rewardAccount.accumulatedInput()) / totalSupply < paidOut[ account]) 


throw; 


uint reward - 


(balanceOf( account) * rewardAccount.accumulatedInput()) / totalSupply - paidOut[ account]; 
if (!rewardAccount.payOut( account, reward)) 
throw; 


paidOut[ account] += reward; 


return true; 


Ebert payout (addesss recipient, uint amount) returns (eoo) | 


LE ( récipient. call. value amount) ()) A 
ErmwOwiE( recipient; amount), 


return true; 


The DAO 


Decentralized autonomous organization 


> Phil Daian: 
http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/ 

> Sigma Prime: 
https://blog.sigmaprime.io/solidity-security.html#reentrancy 

> Ethereum Foundation: 


https://blog.ethereum.org/ 


King of the Ether 


Un scam 


Suponga que el precio por el trono es 10 ether. 

Si quiere ser reina, envíe 10 ether. 

El contrato envía 10 ether (menos una comisión de 1%) 
a la reina anterior. 


El precio del trono sube 50%. 


Valor de retorno de send no verificado 


La transacción falla, pero la ejecución continua. 


«Qu 


function claimThrone(string name) { 


uint valuePaid = msg.value; 


if (valuePaid « currentClaimPrice) { 


msg.sender.send(valuePaid) ; 


return, 
} 
uint wizardCommission = (valuePaid * wizardCommissionFractionNum) / wizardCommissionFractionDen; 
uint compensation = valuePaid - wizardCommission; 
if (currentMonarch.etherAddress != wizardAddress) { 


currentMonarch.etherAddress.send(compensation); 


pastMonarchs.push(currentMonarch); 


currentMonarch - Monarch(msg.sender, name, valuePaid, block.timestamp); 


uint currentClaimPrice - currentClaimPrice * claimPriceAdjustNum / claimPriceAdjustDen; 


King of the Ether 


Un scam 


TxHash: 0x6d41b1d3e9b01efcOcc63b5c7ee162bccffe5af00fba3940850b09bfcbee0cge 

Block Height: 967395 (6195185 Block Confirmations) 

TimeStamp 1090 days 20 hrs ago (Feb-07-2016 11:58:16 AM +UTC) 

From: Ox9dec4be08b93838697fba22c3cdd28c1a03ed159 

To: Q Contract 0xb336a86e2feble87a328fcb7dd4d04de3df254d0 i 
Although one or More Error Occured [Out of gas] Contract Execution Completed 

Value: 42.7 Ether ($4,554.38) 

Gas Limit: 500000 

Gas Used By Transaction: 146172 (29.2396) 

Gas Price: 0.00001 Ether (10,000 Gwei) 

Actual Tx Cost/Fee: 1.46172 Ether ($155.91) 

Nonce & (Position): 10 | {0} 


Input Data: 


8x4d61626f7220546f6d 


https://etherscan.io/tx/0x6d41b1d3e9b01efc0cc63b5c7ee162bccffe5af00fba3940850b09bfchee0c9e 


King of the Ether 


Un scam 


Is this safe? Or will we up with all the ether trapped in a 
DarkKingdom? 


As the Disclaimer below points out, sending funds to experimental contracts using 
experimental wallets in experimental crypto-currency networks is probably not particularly 
safe. 


However, we have put considerable effort into mitigating the risks - see our Contract Safety 
Checklist. 


https://www.kingoftheether.com/thrones/kingoftheether/index.html 


King of the Ether 


Un scam 


> King of the Ether post-mortem: 
https://www.kingoftheether.com/postmortem.html 
+ Smart Contracts Weakness Classification: 


https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-104 


Parity Multisig Wallet 


Parte de un cliente de Ethereum. 


Para que los fondos estén más seguros, 


se ponen en un contrato con más de una TÍ. 


dueña. 


150,000 ETH (~30M USD) robados. ^ 


NS 
NN 


Visibilidad predeterminada 


Cualquiera puede llamar a una función sensible. 


contract WalletLibrary is WalletEvents { 


Eumeeton 3umab Welle (address owners, mine zegtie, uint caÿlimic) d 


initDəylimit( elei amati) ; 


initMultiowned( owners, requiredy; 


contract Wallet is WalletEvents { 


function Weller (adoress[] owners, Uint reguired, uint daylimiti í 


initWallet 


function() payable { 


walletLibrary.delegatecall (msg.data); 


Parity Multisig Wallet 


Parte de un cliente de Ethereum. 


> Zeppelin: 
https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7 
> Parity: 


https://www.parity.io/security-alert/ 


Parity Multisig Wallet 


Otra vez. 


«Monederos creados después del 19 de julio de 2017 
están seguros». 

8 de noviembre, 2017: «Lamentablemente, este 
código tenía otra vulnerabilidad». 


E devops199 commented 2 days ago « edited + 


| accidentally killed it. 


Delegatecall 


El código se ejecuta en el contexto del contrato incorrecto. 


contract WalletLibrary is WalletEvents { 


function imithelletr (address owners, wine récuisecd, ie cavylimitr) only uninitialized | 
initDaylimit( dəylimit); 


initMultiowned( owners, requiredi; 


function kit] (address to) onlymanyowners (sha>(mog.-data)) external À 


Suicide (119) 5 


contract Wallet is WalletEvents { 


function() payable { 


vel ler ibrary- delegatecaii (nsc.cate) r 


Parity Multisig Wallet 


Parte de un cliente de Ethereum. 


> Matt Condon: 


https://hackernoon.com/parity-wallet-hack-2-electric-boogaloo-e493f2365303 
> Parity: 


https://www.parity.io/security-alert-2/ 


Denial of Service 


GovernMental 


creditorAddresses = new address[] (0); 


creditorAmounts = new uint[] (0); 


Constructor typo 
Rubixi 


contrac loss | 

address private creator; 
//Sets crea 
function DynamicPyramid() { 


creator - msg.sender; 


Underflow 
Proof of Weak Hands Coin 


function sell(uint256 amount) internal { 


var numEthers = getEtherForTokens (amount); 


// remove token 


[65] 


totalSupply -= amount; 


balanceOfOld[msg.sender] -— amount; 


// fix payouts and put the ethers in payout 


var payoutDiff = (int256) (earningsPerShare * amount + (numEthers * PRECISION)); 
payouts[msg.sender] -= payoutDiff; 
totalPayouts -- payoutDiff; 


Aprender más en 


ethernaut.zeppelin.solutions 


iGracias! 


Aprender más Contacto 
zeppelin.solutions elopio@zeppelin.solutions 
openzeppelin.org @yoelopio 


Zeppelinos.org keybase.io/elopio 


